A nasty little problem - you've maybe encountered it already - that's been creeping its way around the Not-For-Profits relates to the fact that, apparently, a high % of the sector uses Blackbaud CRM software. I presume it's cheap.
And insecure. For Blackbaud has been held to ransom by someone who's hacked it, and made off with its users' clients' details. On a pretty large scale, it would seem.
A couple of interesting aspects. Firstly, this has been known about for weeks. But the speed with which Blackbaud's users have 'fessed up to their own clients has varied tremendously. Very much a laggard in this regard is ... the Labour Party, who've only just acknowledged this to their members whose data had flown the nest. Why so coy for so long, Mr Starmer? What bad-news-management mode were you in when they first told you about it?
Of wider import: Blackbaud gaily tell the world that "they have paid the ransom demanded by the cybercriminal and have received assurances that the data was destroyed as a result". WTF? Are those affected supposed to believe assurances from, errr, acknowledged criminals? Why wouldn't said hackers make multiple copies and sell to whoever will pay?
Or is there a binding international Ransom Protocol I've never heard of, with ISO standards for conduct, arbitration in The Hague, and certification by General de Chastelain?